Fuzzing Like It’s 1989 | Trail of Bits Blog
Fuzzing has been a simple and reliable way to find bugs in programs for the last 30 years. While fuzzing research is advancing rapidly, even the simplest attempts that reuse 30-year-old code are successful at identifying bugs in modern Linux utilities.

The original fuzzing papers do a great job at foretelling the dangers of C and the security issues it would cause for decades. They argue convincingly that C makes it too easy to write unsafe code and should be avoided if possible. More directly, the papers show that even naive fuzz testing still exposes bugs, and such testing should be incorporated as a standard software development practice. Sadly, this advice was not followed for decades.
c  fuzzing  security 
20 days ago by whip_lash
crowbar/ at master · stedolan/crowbar
Crowbar is a library for testing code, combining QuickCheck-style property-based testing and the magical bug-finding powers of afl-fuzz.
ocaml  testing  fuzzing  property-based-testing  quickcheck 
4 weeks ago by vipom
boofuzz: Network Protocol Fuzzing for Humans — boofuzz 0.0.7 documentation
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.
5 weeks ago by whip_lash
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. This is intended for use in helping both automated and manual QA testing; useful for whenever your QA engineer walks into a bar.
testing  strings  input  examples  fuzzing 
6 weeks ago by dlkinney
Faster fuzzing ferrets out 42 fresh zero-day flaws – Naked Security
American Fuzzy Lop (AFL) is a good example of a grey box fuzzer. However, the researchers wanted to make it even better. They decided that just feeling its way through a program by flipping bits in an input file would only get the fuzzer so far. It would be unlikely to address major structural changes in a file that could expose deeper bugs. To change that, they decided to create a map of the input file structure. This map, known as a virtual structure, describes the file format and shows where different parts (chunks) of the file begin and end along with how each chunk differs from others. In their case, they developed a virtual structure for media formats like wave audio files.
fuzzing  cybersecurity 
7 weeks ago by bwiese